<?php
session_start();
include("../include/config.inc.php");
include("../include/version.inc.php");
include("../include/tables.inc.php");
include("../include/funktion.inc.php");
include("../include/rights.inc.php");


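// Access gate and request parsing for the user-administration page.
//
// 1. Only a logged-in session (one with 'userid' set) may continue.
// 2. The session's rights value must allow this script according to check().
// 3. The two request parameters are normalised: `id` (row id of the user being
//    acted on) and `was` (German "what": the action to run).
//
// weiterleitung() is defined in an include that is not visible here. Whether it
// terminates the script itself cannot be confirmed from this file, so each
// redirect is followed by an explicit exit. Without it, the privileged branches
// below (delete / update / insert) would still run for a visitor who was only
// sent a redirect.
if(!isset($_SESSION['userid']))
   {
   weiterleitung("index.php");
   exit;
   }

$rights = $_SESSION['ses_rights'];
$menu = menu($rights);

if(!check($_SERVER['PHP_SELF'],$rights))
   {
   weiterleitung("uebersicht.php");
   exit;
   }

// Accept only a plain run of decimal digits as id. is_numeric() would also let
// through forms such as "1e3", ".5" or " 7", which are then compared by MySQL
// after an implicit numeric conversion and can address a different row than
// the one the string appears to name. Anything else falls back to 0.
$id = 0;
if(isset($_GET['id']) && is_string($_GET['id']) && ctype_digit($_GET['id']))
   $id = (int) $_GET['id'];

// A missing or non-string `was` is treated as "no action", which the last
// branch of this script renders as the overview list.
$was = (isset($_GET['was']) && is_string($_GET['was'])) ? $_GET['was'] : "";
$fehler = $text = "";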


// Action "del": remove the user row addressed by $id, then fall through to the
// overview (an empty $was selects the list branch further down).
//
// NOTE(review): this state-changing action is triggered by a plain GET request
// (the overview links to ?was=del&id=...) and carries no anti-CSRF token, so
// any page an administrator visits while logged in can cause the request to be
// sent. Moving the delete to POST with a per-session token needs a matching
// change where the link is generated.
// NOTE(review): nothing here prevents removing the account that is currently
// logged in, and the result of the query is not checked.
if("del" == $was)
   {
   $loeschen = "DELETE FROM `$userdb` WHERE `id` = '$id'";
   mysql_query($loeschen);
   $was = "";
   }

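// Action "edit_save": store the user name and the rights value posted by the
// edit form for the user row $id, then show the overview.
//
// Changes against the previous version of this branch:
//  - the posted user name is escaped before it is placed in the SQL statement
//    (it was interpolated verbatim, i.e. SQL injection from the form field);
//  - the session's own rights are refreshed only when the edited row is the
//    logged-in account. Before, editing ANY user copied that user's new rights
//    into the administrator's session.
//
// NOTE(review): like every write on this page, the request carries no
// anti-CSRF token.
if($was == "edit_save")
   {
   $username = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : "";

   // On installations that still run with magic_quotes_gpc the value arrives
   // already slashed; undo that so it is escaped exactly once below.
   if(function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc())
      $username = stripslashes($username);

   // An empty name is rejected when a user is created, so do not allow the edit
   // form to blank an existing one either; the rights are still saved.
   if($username !== "")
      {
      $username_sql = mysql_real_escape_string($username);
      mysql_query("UPDATE `$userdb` SET `username` = '$username_sql' WHERE `id` = '$id';");
      }

   // Rights are stored as one number: the sum of the per-page values from
   // $rights_files. NULL is written when "allrights" is ticked.
   if(isset($_POST['allrights']))
      $new_rights = NULL;
   else
      {
      $new_rights = 0;

      // Checkbox names use "-php" because PHP rewrites dots in field names;
      // the $rights_files keys use the real file name.
      foreach(array('verwalten', 'write', 'einstellungen', 'automails', 'design', 'export', 'user') as $seite)
         if(isset($_POST[$seite.'-php']))
            $new_rights += $rights_files[$seite.'.php'];
      }

   $rights_sql = ($new_rights === NULL) ? "NULL" : "'$new_rights'";

   if(mysql_query("UPDATE `$userdb` SET `rights` = $rights_sql WHERE `id` = '$id';"))
      {
      // Loose comparison on purpose: both sides may be numeric strings.
      // NOTE(review): assumes $_SESSION['userid'] holds the row id of the
      // logged-in user - confirm against the login code.
      if($id == $_SESSION['userid'])
         $_SESSION['ses_rights'] = $rights = $new_rights;
      }

   $was = "uebersicht";
   }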

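// Action "edit": build the edit form for the user row $id into $text.
//
// Changes against the previous version of this branch:
//  - the stored user name is HTML-escaped before it is written into the page
//    and into the value attribute (stored XSS through the user name);
//  - the checkboxes show the rights of the user being EDITED ($row->rights).
//    Before, they showed the rights of the logged-in session, so saving the
//    untouched form overwrote the edited user's rights with the editor's;
//  - a missing row no longer dereferences a non-object; the overview is shown
//    with an error message instead.
//
// $id is written into the form action unescaped; it has been validated as
// numeric where the request parameters are read.
if($was == "edit")
   {
   $ergebnis = mysql_query("SELECT * FROM `$userdb` WHERE `id` = '$id'");
   $row = $ergebnis ? mysql_fetch_object($ergebnis) : false;

   if(!$row)
      {
      $fehler = "Benutzer nicht gefunden.<br><br>";
      $was = "";
      }
   else
      {
      // NOTE(review): htmlspecialchars() is called with the PHP default charset;
      // confirm it matches the encoding the user names are stored in.
      $username_html = htmlspecialchars($row->username, ENT_QUOTES);
      $user_rights = $row->rights;

      // Page key => label. The field name is "<key>-php", the element id and
      // the name passed to check() are "<key>.php".
      // NOTE(review): the save branch also reads an "automails-php" field, but
      // this form has never offered that checkbox.
      $boxen = array(
         'verwalten'     => 'Emails verwalten',
         'write'         => 'Newsletter schreiben',
         'einstellungen' => 'Einstellungen',
         'design'        => 'Design anpassen',
         'export'        => 'Emails importieren/exportieren',
         'user'          => 'Benutzer verwalten',
      );

      $zeilen = '';
      foreach($boxen as $seite => $label)
         {
         $zeilen .= '
   <tr bgcolor="#FFFFFF">
    <td colspan="2"><input type="Checkbox" name="'.$seite.'-php" value="1" id="'.$seite.'.php" '.((check($seite.'.php',$user_rights)) ? 'checked' : '').'><label for="'.$seite.'.php"> <b>'.$label.'</b></label></td>
   </tr>
';
         }

      $text = '
   <form action="?was=edit_save&id='.$id.'" method="post" target="">
   <center><a href="user.php">Zur&uuml;ck zur &Uuml;bersicht</a></center><br>

   <table bgcolor="#000000" cellpadding="5" cellspacing="1" align="center" width="450">

   <tr bgcolor="#314477">
    <th colspan="2"><font color="#ffffff"><b>User: '.$username_html.'</b></font></th>
   </tr>


   <tr bgcolor="#FFFFFF">
    <td><b>Username:</b></td>
    <td><input type="Text" name="username" value="'.$username_html.'" size="35" maxlength="50"></td>
   </tr>

   <tr bgcolor="#314477">
    <th colspan="2"><font color="#ffffff"><b>Zugriffsrechte</b></font></th>
   </tr>

   <tr bgcolor="#FFFFFF">
    <td colspan="2"><input type="Checkbox" name="allrights" value="1" id="allrights" '.(($user_rights === NULL) ? 'checked' : '').'><label for="allrights"> <b>Alle Rechte</b></label></td>
   </tr>
'.$zeilen.'
   <tr bgcolor="#FFFFFF">
    <td colspan="2" align="center"><input type="Submit" name="" value="Speichern"></td>
   </tr>

    </table></form>';
      }
   }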

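// Action "new_save": create a user from the "new user" form. On invalid input
// the form is shown again ($was = "new") with an error message; otherwise the
// row is inserted and the overview is shown.
//
// Changes against the previous version of this branch:
//  - the posted user name is escaped before it is placed in the INSERT
//    statement (it was interpolated verbatim, i.e. SQL injection);
//  - the two passwords are compared as the submitted strings with !==. The old
//    check compared their MD5 hex digests with !=, and PHP compares two
//    numeric-looking strings (for example digests of the form "0e<digits>")
//    as numbers, so two different passwords could be accepted as identical.
//
// NOTE(review): the password is stored as an unsalted MD5 digest, which is not
// a password hash. Moving to password_hash()/password_verify() also requires
// changing the login code, which is not part of this file, so the stored
// format is deliberately left unchanged here.
// NOTE(review): the request carries no anti-CSRF token.
if($was == "new_save")
   {
   $username = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : "";
   $pw_klar  = (isset($_POST['pw'])  && is_string($_POST['pw']))  ? $_POST['pw']  : "";
   $pw2_klar = (isset($_POST['pw2']) && is_string($_POST['pw2'])) ? $_POST['pw2'] : "";

   // Undo magic_quotes_gpc for the name only, so it is escaped exactly once.
   // The password is hashed exactly as received, as before, so digests stay
   // comparable with whatever the login code computes.
   if(function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc())
      $username = stripslashes($username);

   $pw = md5($pw_klar);

   // Rights are stored as one number: the sum of the per-page values from
   // $rights_files. NULL is written when "allrights" is ticked.
   if(isset($_POST['allrights']))
      $new_rights = NULL;
   else
      {
      $new_rights = 0;

      foreach(array('verwalten', 'write', 'einstellungen', 'automails', 'design', 'export', 'user') as $seite)
         if(isset($_POST[$seite.'-php']))
            $new_rights += $rights_files[$seite.'.php'];
      }

   // empty() is kept from the original check, so "0" is still refused both as
   // a user name and as a password.
   if(empty($username) OR empty($pw_klar) OR $pw_klar !== $pw2_klar)
      {
      $fehler = "Bitte einen Benutzernamen und zwei identische Passw&ouml;rter eingeben";
      $was = "new";
      }
   else
      {
      $username_sql = mysql_real_escape_string($username);
      $rights_sql = ($new_rights === NULL) ? "NULL" : "'$new_rights'";

      // $pw is a 32-character hex digest and needs no escaping.
      $eintrag = "INSERT INTO `$userdb` (`username`, `pw`, `rights`) VALUES ('$username_sql', '$pw', $rights_sql)";
      $eintragen = mysql_query($eintrag);

      if(!$eintragen)
         $fehler = "Benutzer konnte nicht erstellt werden, ggf. Username schon vergeben.<br><br>";

      $was = "";
      }
   }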

// Action "new": put the static "new user" form into $text. This branch is also
// reached when the new_save branch above rejects its input and sets $was back
// to "new"; the fields are then rendered empty again, nothing is re-filled.
//
// The form posts to ?was=new_save with the fields username, pw, pw2 and one
// checkbox per page right. "verwalten-php" and "write-php" are pre-checked.
//
// NOTE(review): the form contains no anti-CSRF token, and the handler it posts
// to does not expect one.
// NOTE(review): the new_save handler also reads an "automails-php" checkbox
// that this form does not offer.
if($was == "new")
   {
   // Everything between the quotes is emitted verbatim; no request data is
   // interpolated into this markup.
   $text = '
   <form action="?was=new_save" method="post" target="">
   <center><a href="user.php">Zur&uuml;ck zur &Uuml;bersicht</a></center><br>

   <table bgcolor="#000000" cellpadding="5" cellspacing="1" align="center" width="450">

   <tr bgcolor="#314477">
    <th colspan="2"><font color="#ffffff"><b>Neuer Benutzer</b></font></th>
   </tr>


   <tr bgcolor="#FFFFFF">
    <td><b>Username:</b></td>
    <td><input type="Text" name="username" value="" size="35" maxlength="50"></td>
   </tr>

   <tr bgcolor="#FFFFFF">
    <td><b>Passwort:</b></td>
    <td><input type="Password" name="pw" value="" size="35" maxlength="50"></td>
   </tr>

   <tr bgcolor="#FFFFFF">
    <td><b>Passwort:</b><br><small>(Wiederholen)</small></td>
    <td><input type="Password" name="pw2" value="" size="35" maxlength="50"></td>
   </tr>

   <tr bgcolor="#314477">
    <th colspan="2"><font color="#ffffff"><b>Zugriffsrechte</b></font></th>
   </tr>

   <tr bgcolor="#FFFFFF">
    <td colspan="2"><input type="Checkbox" name="allrights" value="1" id="allrights"><label for="allrights"> <b>Alle Rechte</b></label></td>
   </tr>

   <tr bgcolor="#FFFFFF">
    <td colspan="2"><input type="Checkbox" name="verwalten-php" value="1" id="verwalten.php" checked><label for="verwalten.php"> <b>Emails verwalten</b></label></td>
   </tr>

   <tr bgcolor="#FFFFFF">
    <td colspan="2"><input type="Checkbox" name="write-php" value="1" id="write.php" checked><label for="write.php"> <b>Newsletter schreiben</b></label></td>
   </tr>

   <tr bgcolor="#FFFFFF">
    <td colspan="2"><input type="Checkbox" name="einstellungen-php" value="1" id="einstellungen.php"><label for="einstellungen.php"> <b>Einstellungen</b></label></td>
   </tr>

   <tr bgcolor="#FFFFFF">
    <td colspan="2"><input type="Checkbox" name="design-php" value="1" id="design.php"><label for="design.php"> <b>Design anpassen</b></label></td>
   </tr>

   <tr bgcolor="#FFFFFF">
    <td colspan="2"><input type="Checkbox" name="export-php" value="1" id="export.php"><label for="export.php"> <b>Emails importieren/exportieren</b></label></td>
   </tr>

   <tr bgcolor="#FFFFFF">
    <td colspan="2"><input type="Checkbox" name="user-php" value="1" id="user.php"><label for="user.php"> <b>Benutzer verwalten</b></label></td>
   </tr>

   <tr bgcolor="#FFFFFF">
    <td colspan="2" align="center"><input type="Submit" name="" value="Speichern"></td>
   </tr>

    </table></form>';
   }

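// Default action (empty $was or "uebersicht"): list all users with an edit and
// a delete link each, built into $text.
//
// Changes against the previous version of this branch:
//  - the user name is HTML-escaped before it is written into the table. It is
//    stored as entered in the forms on this page, so printing it raw allowed
//    stored XSS in the administration area;
//  - the row id is cast to int before it is written into the link targets;
//  - a failed query no longer passes false to mysql_fetch_object().
//
// NOTE(review): the delete link triggers a state change through GET and
// without an anti-CSRF token. Fixing that needs a POST form with a token here
// and a matching check in the "del" branch.
if($was == "" OR $was == "uebersicht")
   {
   $text = '
   <center><a href="?was=new"><b>Neuen Benutzer anlegen</b></a></center><br>
   <table bgcolor="#000000" cellpadding="5" cellspacing="1" align="center" width="450">
   <tr bgcolor="#314477">
    <th colspan="3"><font color="#ffffff"><b>User</b></font></th>
   </tr>';

   $ergebnis = mysql_query("SELECT * FROM `$userdb` ORDER BY id");

   while($ergebnis && ($row = mysql_fetch_object($ergebnis)))
      {
      // NOTE(review): htmlspecialchars() is called with the PHP default charset;
      // confirm it matches the encoding the user names are stored in.
      $name_html = htmlspecialchars($row->username, ENT_QUOTES);
      $row_id = (int) $row->id;

      $text .= "
   <tr bgcolor=\"#FFFFFF\">
    <th>$name_html</th>
    <td align=\"center\" width=\"75\"><a href=\"?was=edit&id=$row_id\">Bearbeiten</a></td>
    <td align=\"center\" width=\"75\"><a href=\"?was=del&id=$row_id\">L&ouml;schen</a></td>
   </tr>";
      }

   $text .= '</table>';
   }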


?>


<html>
<head>
<title>Clanletter - Admin Bereich</title>
<meta name="author" content="Andavos">
<style type="text/css">
<!--
a:hover { text-decoration:none; }

BODY {

     SCROLLBAR-FACE-COLOR: #4F5271;
     SCROLLBAR-HIGHLIGHT-COLOR: #243D62;
    SCROLLBAR-SHADOW-COLOR: rgb(32,32,32);
    SCROLLBAR-ARROW-COLOR: #ffffff;

}

.anhang {
 font-size: 14px;
 color: #000000;
 background-color: #899FBF;

 border-color: #000000;
 border-top-width :1pt;
 border-right-width : 1px;
 border-bottom-width : 1px;
 border-left-width : 1px;
}

-->
</style>


</head>
<body text="#000000" bgcolor="#D0D0D0" link="#000060" alink="#000060" vlink="#000060">


<table cellpadding="5" cellspacing="2"  bgcolor="black" align="center" width="85%">
<tr>
 <td width="205" valign="top" bgcolor="#899FBF"><a target="_blank" href="http://www.php-einfach.de"><img src="php-einfach.jpg" width="199" height="66" border="0" alt="PHP-Einfach.de"></a> <br>


 <?php echo $menu; ?>


<font size="-1"> <a target="_blank" href="http://www.php-einfach.de">&copy; PHP-Einfach.de Clanletter 2.0</a><br>
 </td>
  <td valign="top" bgcolor="#9BAAC1">
<div align="center"><h2>Benutzer</h2></div>

<center><font color="#BD0000"><b><?php echo $fehler; ?></b></font></center>


<?php echo $text; ?>


  </td>
</tr>
</table>

</body>
</html>
